DEV Community

Ankit malik

Python: How to Encrypt and Decrypt with AES

Introduction

Sometimes we need to keep data secret—like passwords, personal details, or private messages. AES (Advanced Encryption Standard) is a very popular way to do this.

AES is a method of turning normal text into unreadable text (encryption) and then back to normal (decryption) using the same secret key (symmetric algorithm).

When you need to protect sensitive information—such as passwords, financial data, or confidential messages—encryption is essential.


Installation

Before you start:

  • Install Python 3.7 or newer.
  • Install the Python package cryptography by running:

    pip install cryptography 

Understanding AES Encryption

AES is a symmetric key algorithm, which means the same secret key is used for both encryption and decryption.

Key sizes supported by AES:

  • 128 bits
  • 192 bits
  • 256 bits (the strongest and what we use in this example)

Modes of operation decide how the algorithm works internally. Common modes include:

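  • ECB (Electronic Codebook): Simple but not very secure, because identical plaintext blocks produce identical ciphertext blocks.
  • CBC (Cipher Block Chaining): Better than ECB, but it has no integrity check of its own, so it needs extra care (a separate authentication step).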
  • GCM (Galois/Counter Mode): Modern and secure. It gives both encryption and a built-in check to ensure the data hasn’t been changed.

In our code, we will use GCM mode.


Python Code Example

Here is a complete example:

    import base64
    import secrets
    import string

    from cryptography.hazmat.primitives.ciphers.aead import AESGCM


    def encrypt_with_aes(message: str, enc_key: str, iv: str) -> str:
        key = enc_key.encode()   # 32 bytes selects AES-256
        nonce = iv.encode()      # 12 bytes, must never repeat under the same key
        plaintext = message.encode()
        aesgcm = AESGCM(key)
        # The result is the ciphertext with the 16-byte GCM tag appended
        ciphertext = aesgcm.encrypt(nonce, plaintext, None)
        # Change the encrypted bytes to a readable Base64 string
        ciphertext_str = base64.b64encode(ciphertext).decode()
        return ciphertext_str


    def decrypt_with_aes(data: str, enc_key: str, iv: str) -> str:
        key = enc_key.encode()
        nonce = iv.encode()
        ciphertext = base64.b64decode(data)
        aesgcm = AESGCM(key)
        # Raises cryptography.exceptions.InvalidTag if the key, nonce or data is wrong
        decrypted = aesgcm.decrypt(nonce, ciphertext, None)
        return decrypted.decode()


    def generate_iv_string(length=16):
        # Create a random string for the nonce. The secrets module draws from the
        # OS CSPRNG; the random module is not suitable for cryptographic values.
        chars = string.ascii_letters + string.digits + "#$()*+,-.:;<=>?@[]_"
        return ''.join(secrets.choice(chars) for _ in range(length))


    enc_key = "1Xt5YfM4ZNuFdwp3OfVkwkhhQLagWKtt"  # 32-character secret key
    iv = generate_iv_string(12)  # make a random nonce/iv
    message = "This is a top secret message"

    ciphertext = encrypt_with_aes(message, enc_key, iv)  # base64 encoded data
    print("Ciphertext:", ciphertext)

    decrypted = decrypt_with_aes(ciphertext, enc_key, iv)
    print("Decrypted:", decrypted)

How the code works:

  • encrypt_with_aes: Takes the message and makes it unreadable.
  • decrypt_with_aes: Turns the unreadable message back to normal text.
  • generate_iv_string: Creates a new random nonce each time.

When you run it, you will see output like this (the ciphertext is different on every run because the nonce is random):

    Ciphertext: I1M8nE7HxHlmv7uKZPM/FsorN4hIiNhAm8fg2TavM75Dxp00zFrgRQem67E=
    Decrypted: This is a top secret message

Tips for Security

  • Keep the key safe: Don’t write the key directly in your real code. Store it in environment variables or a secure vault.
  • Use a different nonce every time: Never reuse the same nonce with the same key.
  • Change keys over time: For long-term projects, rotate (change) your keys regularly.
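
The tips above in code, as an added example that is not part of the original post: the key is read from an environment variable, every message gets a fresh 12-byte nonce from os.urandom that is stored in front of the ciphertext, and a one-bit change is rejected by GCM's tag check. The variable name APP_AES_KEY and the helper names load_key, seal, open_sealed and is_tamper_detected are assumptions made for this illustration.

```python
import base64
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the size GCM is designed around


def load_key(env_var: str = "APP_AES_KEY") -> bytes:
    """Read a Base64-encoded 256-bit key from the environment (name is an assumption)."""
    key = base64.b64decode(os.environ[env_var])
    if len(key) != 32:
        raise ValueError("expected a 32-byte key for AES-256")
    return key


def seal(key: bytes, plaintext: bytes, context: bytes = b"") -> str:
    """Encrypt with a fresh random nonce; return Base64(nonce || ciphertext || tag)."""
    nonce = os.urandom(NONCE_LEN)
    ct = AESGCM(key).encrypt(nonce, plaintext, context)
    return base64.b64encode(nonce + ct).decode()


def open_sealed(key: bytes, token: str, context: bytes = b"") -> bytes:
    """Split off the nonce and decrypt; raises InvalidTag if anything was altered."""
    raw = base64.b64decode(token)
    nonce, ct = raw[:NONCE_LEN], raw[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, ct, context)


def is_tamper_detected(key: bytes, token: str) -> bool:
    """Flip one bit after the nonce and report whether decryption rejects it."""
    raw = bytearray(base64.b64decode(token))
    raw[NONCE_LEN] ^= 0x01
    try:
        open_sealed(key, base64.b64encode(bytes(raw)).decode())
    except InvalidTag:
        return True
    return False


if __name__ == "__main__":
    # Constructed demo key; in real use the variable is set by a vault or deploy step
    os.environ["APP_AES_KEY"] = base64.b64encode(AESGCM.generate_key(bit_length=256)).decode()
    key = load_key()
    token = seal(key, b"This is a top secret message")
    print(open_sealed(key, token))
    print("tamper detected:", is_tamper_detected(key, token))
```

Because the nonce travels with the ciphertext, the receiver needs only the key and the token, and encrypting the same message twice yields two different tokens.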

Conclusion

AES-GCM is a strong and trusted way to keep data safe.

With a few lines of Python, you can hide a message and later get it back using the same key.

To learn more, check the cryptography library documentation.
